hijackthis help

Discussion in 'Virus & Other Malware Removal' started by Shark0, Sep 10, 2003.

Thread Status:
Not open for further replies.
  1. Shark0

    Shark0 Thread Starter

    Joined:
    Jul 16, 2003
    Messages:
    30
    Is there anything wrong with this:

    Logfile of HijackThis v1.95.1
    Scan saved at 4:40:59 PM, on 9/10/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\system32\crypserv.exe
    C:\Program Files\Roxio\GoBack\GBPoll.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\SK9910DM.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\GWHotKey.exe
    C:\WINNT\System32\CTHELPER.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\AIM95\aim.exe
    C:\WINNT\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINNT\System32\rundll32.exe
    C:\Program Files\Roxio\GoBack\GBTray.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
    O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\Owner\Desktop\Desktop folders\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/03d79999d6c0f4211123/netzip/RdxIE2.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37647.4240277778
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  2. Emtronics

    Emtronics

    Joined:
    Jan 20, 2000
    Messages:
    2,984
    Everything looks pretty decent. CDAC11BA.EXE is a Turbo Tax that has sometimes been called spyware. You don't need Winamp running in the background. This can be disabled from within Winamp. Same with MSN Messenger. I don't like Norton, but then that doesn't make it bad. :D I just think you don't need all that Norton stuff running when an A/V like ETRUST Antivirus will run without sucking resources. That's my opinion.
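
A review like the one above starts by splitting the log into its section codes (R0/R1, O2, O4, O16 and so on). The following is an added example, not part of the thread and not HijackThis's own logic: it parses entry lines copied from the log posted above and attaches review notes. The three heuristics are assumptions chosen for illustration; a note marks an entry for a closer look, not as malicious.

```python
import re
from urllib.parse import urlparse

# Entry lines copied from the log posted in this thread.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\Owner\Desktop\Desktop folders\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/03d79999d6c0f4211123/netzip/RdxIE2.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""

# "<letter><number> - <detail>"; header lines and process paths do not match.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
URL = re.compile(r"https?://\S+")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
USER_PATH = re.compile(r"\\(Documents and Settings|Temp)\\", re.I)


def parse(log):
    """Return (section, detail) tuples for every entry line in the log."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def review_notes(section, detail):
    """Illustrative heuristics (assumptions): reasons to look closer."""
    notes = []
    if section == "O2" and "(no name)" in detail:
        notes.append("BHO without a display name")
    if section == "O4" and USER_PATH.search(detail):
        notes.append("autorun target under a user profile or Temp")
    if section == "O16":
        m = URL.search(detail)
        if m and IPV4.match(urlparse(m.group()).hostname or ""):
            notes.append("control downloaded from a bare IP address")
    return notes


def triage(log):
    """Return (section, detail, notes) for entries with at least one note."""
    flagged = [(s, d, review_notes(s, d)) for s, d in parse(log)]
    return [item for item in flagged if item[2]]


if __name__ == "__main__":
    for section, detail, notes in triage(SAMPLE):
        print(section, "|", "; ".join(notes), "|", detail)
```
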
     
  3. Shark0

    Shark0 Thread Starter

    Joined:
    Jul 16, 2003
    Messages:
    30
    I downloaded Winamp then uninstalled it, but it's still there. How would I get rid of that?
    When I start my computer, for some reason "Windows Messenger" logs me in, which in its options I unchecked "Allow this program to run in background". It's not even active on the bottom quickbar thing by the clock. How do I make it so it won't log me into "Windows Messenger" when I start up? (MSN Messenger doesn't log in)
    I have my MSN Messenger set up so I can log in automatically, but I don't want it to do that anymore. Is there a way that I can make it so it does not have anything saved?
     
  4. Emtronics

    Emtronics

    Joined:
    Jan 20, 2000
    Messages:
    2,984
    How did you uninstall Winamp? Did you use the ADD/REMOVE Programs Icon in the Control Panel? Which version of Winamp did you have? 2.x or 3.x? MSN Messenger can be a troublesome program. If you use Outlook Express, then there is a setting in there also that has to be disabled, otherwise MSN will start when that program starts. Open MSN and under the TOOLS menu, I think, choose Options. UNCHECK "start when Windows starts" and "run this in the background" features. You can go to START | Run and type: msconfig Hit OK. Under the STARTUP Tab, you can uncheck any reference to MSN Messenger and Winamp. This will require a reboot. This is a temporary fix and you should be able to control these from within the various programs. If you deleted Winamp incorrectly, then re-installing the same version back on and then uninstalling it via ADD/REMOVE will correct your problem.


    Also, check what's in the Startup Folder. START | All Programs/startup. Delete anything in there that may refer to Winamp.
     
  5. BabyG

    BabyG

    Joined:
    Mar 15, 2003
    Messages:
    63
    Hi SharkO

    With the Windows Messenger open, go back to options, click on the "preferences" tab, make sure the box that says "Run this program when Windows starts" is Clear. (vs checked)

    Hope this helps,
    BabyG :)
     
  6. Shark0

    Shark0 Thread Starter

    Joined:
    Jul 16, 2003
    Messages:
    30
    Did you read my post?
     
  7. Emtronics

    Emtronics

    Joined:
    Jan 20, 2000
    Messages:
    2,984
    There is also an option that reads something like; "Start Messenger when Windows starts..." in the same option box. Make sure there is NO check mark there also.
     
  8. Shark0

    Shark0 Thread Starter

    Joined:
    Jul 16, 2003
    Messages:
    30
    Nothing to do with MSN Messenger. Windows Messenger doesn't start but it's somehow active in the background, which shouldn't happen.
     
  9. Emtronics

    Emtronics

    Joined:
    Jan 20, 2000
    Messages:
    2,984
    You have to go into Services (RIGHT click My Computer and choose MANAGE). You can disable it from there. By default, Windows Messenger starts when Windows starts. This has been a problem on some XP systems when connected via a broadband connection. You get pop-up type ads. Windows Messenger is supposed to run in the background and you shouldn't notice it unless it is used. A great Admin tool but a pain for stand-alone computers unprotected on the internet. It can be disabled. (shut off)
     
  10. BabyG

    BabyG

    Joined:
    Mar 15, 2003
    Messages:
    63
    quote:
    --------------------------------------------------------------------------------
    Originally posted by BabyG:
    Hi SharkO

    With the Windows Messenger open, go back to options, click on the "preferences" tab, make sure the box that says "Run this program when Windows starts" is Clear. (vs checked)

    Hope this helps,
    BabyG

    --------------------------------------------------------------------------------

    quote:
    --------------------------------------------------------------------------------

    Did you read my post?

    quote:
    --------------------------------------------------------------------------------

    When I start my computer, for some reason "Windows Messenger" logs me in, which in its options I unchecked "Allow this program to run in background". It's not even active on the bottom quickbar thing by the clock. How do I make it so it won't log me into "Windows Messenger" when I start up?

    Did you read my post??

    You said that you unchecked the box so it wouldn't run in the "background". You need to UNcheck the box that says "run when Windows starts". That will stop it from automatically logging you in when you boot up your computer.


    BabyG
     
  11. computechman

    computechman

    Joined:
    Sep 14, 2002
    Messages:
    28
    Just a note as I was having the same trouble: it is being caused, at least on my system, by Norton 2003. If you go into the options of Norton, then into the Instant Messenger section, and take the check out of Windows Messenger, it will stop the background running of Messenger, i.e. running but not on the taskbar.

    Just my 2 cents but it did the trick for me
     
  12. Emtronics

    Emtronics

    Joined:
    Jan 20, 2000
    Messages:
    2,984
    Well there ya go! computechman sounds like he's found a cure. IMO, another reason not to run Norton.
     
  13. Shark0

    Shark0 Thread Starter

    Joined:
    Jul 16, 2003
    Messages:
    30
    Thanks computechman, I will try that.
    And BabyG, wouldn't that be one of the first things I would do to try to solve the problem? lol
     
  14. VirtualMe

    VirtualMe

    Joined:
    Sep 27, 2002
    Messages:
    867
    Try turning off Windows Messenger in Windows XP by

    Clicking Start->Settings->Control Panel

    Click-> Administrative Tools

    Double click-> Services

    Scroll down and highlight "Messenger"

    Right-click the highlighted line and choose Properties

    Click the Stop button link.
     
Short URL to this thread: https://techguy.org/163806